MPC-Friendly Commitments for Publicly Verifiable Covert Security

TL;DR

This paper introduces efficient, MPC-friendly commitment schemes within the publicly verifiable covert security model, enabling fast and communication-efficient verification in secure two-party computations with a focus on practical deployment.

Contribution

It presents novel PVC commitment schemes and indexed hash functions, achieving significant efficiency improvements and establishing lower bounds on nonlinear operations needed for verification.

Findings

Boolean circuit commitments are 60x faster to evaluate securely.

Communication costs are reduced by 36x compared to baseline hashing methods.

The schemes are tight in nonlinear gate requirements and support security amplification.

Abstract

We address the problem of efficiently verifying a commitment in a two-party computation. This addresses the scenario where a party P1 commits to a value $x$ to be used in a subsequent secure computation with another party P2 that wants to receive assurance that P1 did not cheat, i.e. that $x$ was indeed the value inputted into the secure computation. Our constructions operate in the publicly verifiable covert (PVC) security model, which is a relaxation of the malicious model of MPC appropriate in settings where P1 faces a reputational harm if caught cheating. We introduce the notion of PVC commitment scheme and indexed hash functions to build commitments schemes tailored to the PVC framework, and propose constructions for both arithmetic and Boolean circuits that result in very efficient circuits. From a practical standpoint, our constructions for Boolean circuits are $60\times$ faster to evaluate securely, and use $36\times$ less communication than baseline methods based on hashing. Moreover, we show that our constructions are tight in terms of required non-linear operations, by proving lower bounds on the nonlinear gate count of commitment verification circuits. Finally, we present a technique to amplify the security properties our constructions that allows to efficiently recover malicious guarantees with statistical security.